Comcast Shuts Off Customer's Internet Access For Phantom Data Usage

Jodi writes that while she doesn’t agree with Comcast’s habit of turning off customers’ Internet access due to “excessive usage,” while she’s their customer, she intends to play by their rules. This would be a lot easier if her usage meter didn’t indicate that her household used more bandwidth than should have been technically feasible.

She fired off this letter to a customer service contact for people who have problems related to excessive bandwidth use.

As I understand it, you are a manager at Comcast who is in charge of handling excessive use problems and related customer service issues, so I am directing this message to you in hopes that you can ensure that appropriate action is taken.

Earlier this month, I had my Internet shut off due to “excessive usage.” My household had recently upped its use of streaming video and whatnot, so, even though it came as as a big surprise to me that we had used so much bandwidth, I didn’t think anything of it and agreed to curtail the “excessive” usage. At the time, Comcast made a meter available on my customer profile so that I could monitor usage, which was helpful. As of September 15th, the meter showed usage of 15GB of the allowed 250GB for the month of September, so I didn’t think that this was going to be a recurring problem in any way. Nevertheless, everyone in my household was still judicious with the use of the Internet just in case.

As such, I was extraordinarily surprised when I checked the meter on September 27th to see that the meter reported that I was over the limit again at about 256GB. This is particularly perplexing because it implies that I’ve used 241GB of bandwidth in 12 days. According to the Comcast web site, your service offers 6mbps maximum download speeds, or about 750KB per second. This means that my service can download a maximum of 2.7GB per hour. In order to reach the 241GB of usage in 12 days, I would have had to have been downloading at full speed for almost 90 hours, or about 7.5 hours per day. I can assure you that this is not what my household was doing.

Once I realized that my household was again over the limit, I double checked to make sure that there were no unauthorized machines using my service. There weren’t, which is not surprising since my network is password protected and I use a MAC address filter on the router as an added precaution.

Because I am now acutely aware of the issue and am concerned about my service being suspended, I have been checking the meter on the Comcast web site almost daily. Sometimes it shows a reasonably normal increase of around 1GB/day, but other days the usage is reported as being completely off the charts. For example, usage during an overnight period was reported as 2GB even though I shut off all of the Internet-enabled devices. In addition, usage for September 29th is reported as 16GB (an increase from 263GB to 279GB), even though no one but my dog was even home to use the Internet. (16GB is even an impossibly large amount of puppy porn.)

I completely understand Comcast’s policy regarding excessive usage, and, while I do not agree with the ethics of the policy due to the fact that I have no other cable options available to me, I am in no way trying to argue the policy. I also understand that the Terms of Service state that the meter is independently verified by a third party, but that is not entirely relevant to this situation. Instead, the point that I have been trying to make to Comcast customer service is that the usage meter is not metering the usage for my account correctly, and the details above pretty clearly show that to be the case. Everyone at Comcast (including the legal department, which I did in fact speak to) agrees that something is not right with this situation, but the associates who actually have the power to investigate and rectify the situation are stubbornly refusing to do so. Therefore, if I cannot get this matter resolved through the appropriate Comcast channels, I will have no other option but to file complaints with the Massachusetts Attorney General’s office and the Better Business Bureau.

Comcast: ‘Unlimited Usage’ Doesn’t Mean ‘Unlimited Usage’
Comcast Tool Shows You Just How Great Metered Broadband Is


Edit Your Comment

  1. Daverson says:

    Does the OP have an unsecured wireless router?

    • corrie06 says:

      Did you bother to read? He said it was password protected and he uses MAC filtering.

      • GuyGuidoEyesSteveDaveâ„¢ says:


      • MongoAngryMongoSmash says:

        Did you? Jodi is a she, not a he.

        • Nigerian prince looking for business partner says:

          Did the article say Jodi’s sex?

          • GuyGuidoEyesSteveDaveâ„¢ says:

            Jodi writes that while she doesn’t agree with Comcast’s habit of turning off customers’ Internet access due to “excessive usage,” while she’s their customer, she intends to play by their rules. This would be a lot easier if her usage meter didn’t indicate that her household used more bandwidth than should have been technically feasible.

            She fired off this letter to a customer service contact….

            • Loias supports harsher punishments against corporations says:

              That’s sort of an assumption on Laura’s part, isn’t it?

              • theycallmeGinger says:

                It’s an assumption on your part that Laura arbitrarily decides gender. Don’t you think she receives more than what we’re seeing here, and that she knows the OP is a female?

          • theycallmeGinger says:

            If Laura said “she” so many times, what makes you question the gender?

    • KillerBee says:

      “Once I realized that my household was again over the limit, I double checked to make sure that there were no unauthorized machines using my service. There weren’t, which is not surprising since my network is password protected and I use a MAC address filter on the router as an added precaution.”

      Sounds to me like due diligence is being applied.

      • goodpete says:

        Her combination of MAC address filtering and “password protection” may be her undoing. If she’s using WEP, then it’s trivial for someone to obtain the key (takes 5-10 minutes on a modern computer). Getting around a MAC filter is also trivial, the attacker simply has to spoof the MAC address of a valid machine.

        The interesting part is that if they did that, then she wouldn’t see any “unauthorized” computers, as the attacker would show up as one of the authorized machines.

        All that’s a bit of a stretch though. As it’s much more likely one of her computers was compromised and is part of a bot net (which explains both how it got around the wireless security AND why it’s using excessive bandwidth at odd hours).

        The only problem is that she claims she turned off all internet-enabled devices one night and her usage still went up. Which would seem to indicate an “intruder.”

        So I’m not really sure what to make of this. I don’t think it’s likely that Comcast screwed up here. But if all the OP says is true, it’s also highly unlikely that she was using the bandwidth.

        I like another commenter’s suggestion of using a custom router firmware that will measure bandwidth usage on a per-device basis. Maybe that will explain things.

        • tinmanx says:

          But if she is doing MAC filtering, wouldn’t she know which MAC addresses are hers and see that there is a foreign machine on her network?

          • GuyGuidoEyesSteveDaveâ„¢ says:

            MAC address spoofing is the act of changing the MAC address of the device you are using to one that is on a user specified list. So she would only see MAC addresses of her computers, as someone may have spoofed one of them.

            • AI says:

              But it wouldn’t allow two devices with the same MAC address to connect. So if someone was MAC address spoofing, she’d notice by being unable to connect whenever the spoofer was connected.

              • Thunderhacker says:

                That’s only true if both devices are trying to operate simultaneously. If I was the bandwidth bandit (assuming it’s not a cloned cable modem, which is far more likely) I’d keep close tabs on when the devices I’m MAC spoofing are turned off and only use the access point during those times.

              • intense_jack says:

                It will if you use products that allow for man-in-the-middle attacks. There’s lots of freeware for these types of attacks. The router/switch will simply forward the network traffic (packets) to both devices, especially if they’re wireless.
                It’s also possible that it’s Comcast’s fault – maybe they’re doing something screwy. Which is more than plausible… or just as likely as a compromised computer or network.

          • kujospam says:

            My router easily lets me change the mac address to pretend to be someone else. It is a stand feature in most routers that I have bought atleast. It allows you to make sure you can spoof your own computer to the cable company so you can have more then one computer attached to the router. Example is when they want you to use one of their routers, but you already have one.

        • physics2010 says:

          First let me say “Boy have I been slacking. Only 143 GB for September.”
          Sounds like OP knows way around the router so bandwidth meter is probably not present.
          My suggestion would be to unplug the cable modem for a couple of nights checking the usage in the morning. While everyone has pointed to her wireless router as the probable source of the issue I’d suggest the other two options. 1) Someone in her house is using bittorrent without her knowledge 2) Someone is cloning her cable modem MAC address to authorize their router and get free service. Disconnecting the cable modem and checking the next morning would show which of these is the answer….either that or she has a iMac that phones home like the iphones causing mysterious data usage. :-)

          • MaxH42 thinks RecordStoreToughGuy got a raw deal says:

            THIS. This is the first thing I would try, to narrow down whether the problem originates with Comcast or with my network.

          • Difdi says:

            If someone in her house is covertly torrenting, just disconnecting the modem won’t do it. I’d suggest she sleep with the disconnected modem under her pillow. That way she KNOWS there’s no connection.

            If she’s still getting phantom data transfers, then the problem is on Comcast’s end (cloned modem is not a user serviceable problem).

        • Economists Do It With Models says:

          (OP here again) We put usage meters on all of the computers (i.e. not the Playstation, but everything we could put usage meters on), and the usage comes nowhere near what is being reported.

    • Nigerian prince looking for business partner says:

      Not according to the article.

    • bradanomics says:

      From the article:

      which is not surprising since my network is password protected and I use a MAC address filter on the router as an added precaution.

    • Tongsy says:

      If you read the leter you would see that OP has it secured, plus has configured a MAC filter as well.

      • Rachacha says:

        Even though she said her network is password protected, she did not inducate how strong the password was. Is she using the password “puppy”, or is she using the password “8u1$sYZc4”? Is she using encryption? Is it WEP or WPA?

        MAC Address filtering only keeps the honest people honest. All MAC filtering does is compare the computers connected to a predetermined list. If the encryption is not secure, the MAC address is being transmitted and the MAC address can be spoofed.

        I am not saying that this is the situation here, but there is not enough information to say for sure that her network is 100% secure.

        • SPOON - now with Forkin attitude says:

          The point being that she has made reasonable arrangements to secure her network. If she is still being used by someone its a crime. double checking her service usage will point that out and then she can take further steps in the correct direction.

          • AnonymousCoward says:

            Actually, there’s not enough information in the article to determine if she made a reasonable attempt at security. MAC filtering is useless, and who knows whether the password she used was a good one, either on the cable modem or the wireless router. Or whether or not she surfs the web logged in as the admin user (opening herself up to becoming part of a botnet), or….

            Regardless, she’s either got a kid who’d running a torrent server that she isn’t aware of, or she’s been hacked. In the first case, Comcast is right to kick her off for not abiding by the TOS. In the latter case, Comcast is right to kick her off because they need to protect themselves (and the rest of the internet) from hackers.

            OMG, I can’t believe I actually defended Comcast. That’s a first!

    • GuyGuidoEyesSteveDaveâ„¢ says:

      Considering she uses a MAC address filter as part of security, I’m guessing it’s sort of secured.

    • brianary says:

      Even if that were the case, what’s the maximum sustained throughput for a wireless router? Is this a G or N router?

      Also, you can never be sure about data measures unless everyone uses binary prefixes, otherwise you can bet that everyone is going to pick the denominator (1000 vs. 1024, for each level of units) that best suits them.

    • Economists Do It With Models says:

      Am I allowed to say that I am the OP? I am happy to give more details because I want to figure this out. Yes, there is a (strong) password, though, coincidentally, it does have my dog’s name as part of it. I am using WEP. However, I looked at the DHCP client list and there are no machines in the list that are unaccounted for, so it seems unlikely that there’s a lurking machine. Also, there is an unsecured wireless connection right next door, so wouldn’t anyone trying to steal bandwidth just use that?

      • Economists Do It With Models says:

        (Oh, and I AM a girl. =P)

      • tsumeone says:

        WEP is a joke, and can be cracked in 5 minutes or less. Use WPA. MAC filtering is not effective either, anyone can spoof a MAC address. I bet someone is stealing your bandwidth.

        As an IT professional, the minimum amount of wireless security I would ever consider using is WPA-PSK (tkip). The best security is WPA2-PSK (aes). If your devices are less than 5 years old, they probably support WPA2.

    • tape says:

      Does the PC read the entire post?

  2. humphrmi says:

    Good letter. I still suspect that Jodi’s network has been compromised and is being used by someone else for nefarious purposes.

    • Working for the man, he pays well. says:

      I am betting PuPPy pOrn.

    • dragonpup says:

      If I had to guess, that would be the most likely scenario.

    • Chip Skylark of Space says:

      If it’s still being used even on days when all network devices are turned off, then there are issues. Someone, either Comcast or the customer needs to be doing some packet sniffing.

    • Hooray4Zoidberg says:

      That’s still a seriously high amount of bandwidth for 12 days. Unless the entire neighborhood has cracked her Wifi password and cloned her Mac address it seems unlikely. I think Jodi should try turning off the router when she’s not home/asleep and see what happens.

  3. GuyGuidoEyesSteveDaveâ„¢ says:

    What kind of “password protection” is Jodi using? A script kid can break WEP in no time just using a laptop: Hiding your SSID or using a MAC filter only stop the curious. Anyone halfway competent can bypass those forms of “security” easily.

    Did Jodi try changing her password, changing her security protocol, and/or shutting off the Wifi on her router, etc….? I suggest she try them, and continue monitoring the usage and see if there is any difference.

    • BobOki says:

      Sounds to me like someone needs to setup bandwidth monitoring of their own. She sounds like a decently competent person, should be no problem for her to setup a monitor on her pc, or flash a 3rd party firmware (if available for her router) to monitor bandwidth usage on the router itself. Tomato (my fav) or ddwrt both have their built in and will easily load on a wide variety of routers.
      Here is this months report for me thus far: 2010-09 100.68 GB 78.28 GB 178.96 GB
      I am a POWER user hosting services, mail, web pages, I stream movies(netflix) and play online games with a 50 meg down 10 meg up connection, and with all that I have not gone over 178gig total (both up and down added) so I find this slightly hard to take in that a person who uses her pc “legit” and watches her stuff could transfer that type of data.
      That said, if she is running XP I would recommend her downloading Malwarebytes and combofix and running them just to be sure. If she in vista or win7 then just use malwarebytes.

      • Economists Do It With Models says:

        (OP here) We put meters on all of the computers to make sure that, as some have suggested, there wasn’t malware running that was downloading who knows what at a ridiculous rate.

        • ShadowFalls says:

          As mentioned, you have been monitoring the traffic going on so it is not like one of the kids are doing something you don’t know of… That is unless they are resetting it. Should be logs for that sort of thing.

          The router is reasonably secure. For those that want to argue, that type of security will stop the large majority of the human race from being able to access it. WPA or WPA2 would be better if at all possible.

          I would go with the suggestions others offered. Screenshot the usage (take record of) then disconnect your modem for the night, then go and see what it says the next day. If it jumped upwards, definitely Comcast’s problem. Though I would say the chance of it being Comcast’s problem is more than likely, but it isn’t like they will admit it.

          BTW, what happened to the Comcastcares guy? or has Comcast stopped caring altogether?

    • thor79 says:

      Correction: They don’t stop the curious..they stop the accidental joins to your network. Curious users imply they are trying to get in…and thus would find ways to get around simple security.

  4. Turnabout is Flair Play says:

    Perhaps OP’s network has been split prior to entering her home. Stealing cable from the box as it were back in the 90s.

    • DarthCoven says:

      From what I understand that’s a lot harder to do with somebody’s internet connection. You’d need a modem registered with the cable company to access the internet, wont you? TV is easy, as all you need to do is plug directly into a TV with a digital receiver.

  5. chucklesjh says:

    There’s this thing, it’s been around for awhile…. it’s called MAC address spoofing. Maybe your network itself is secure, but it is possible to clone the MAC of a cable modem. Their meter may be working after all.

    • jvanbrecht says:

      If you clone the mac of the cable modem, both devices will be dropped from the cable network.

      • chucklesjh says:

        OP didn’t say they didn’t unplug their modem! :)

      • physics2010 says:

        If you are on the same node I’m not sure its easily detectable, and of course that’s the simplest way of getting a valid mac address. If the cloned modem is told not to respond to certain types of requests it would be difficult indeed to track it. As far as two work simultaneously its proven to work as each modem just discards the invalid ip addresses for each of their networks. Not sure what happens when both users have a ip assigned….you’d probably want to take the precaution of setting up a different network range e.g. 192.168.x.101.

    • GuyGuidoEyesSteveDaveâ„¢ says:

      MAC address spoofing is spoofing the address of a device on the “allowed” list. The modem would be on the wrong side of the gateway to be filtered w/a MAC address filter.

    • Safemaster says:

      Bingo! Most likely spoofed mac on a different node. Comcrap is not going to admit that spoofing is even possible. She need to use DD-WRT firmware with compatible router to log her bandwidth use.

      Here is a nice link for info:

    • CappyCobra says:


      I would advise the OP to just ask for a new modem with a different MAC address.
      If the OP says they are unplugging the modem then I would point suspect to a cloned MAC address somewhere else on the comcast network (hacked or legitimate.. Prolly hacked).

      Even if its NOT the case, at least they can rule it out.

  6. mike says:

    It could be that her computer has some sort of worm or trogen that is acting as a zombie box.

    Whatever the case, it is not in Comcast’s best interests to investigate. They get their money without really providing a service.

    The OP should check out various month-to-month broadband cards available through many cell companies now. There is “competition”, but if she wants a land-broadband connection, she’s SOL.

    • MikeB says:

      That is a possibility, but how does that account for 2GB of usage when all internet connected devices are turned off?

      usage during an overnight period was reported as 2GB even though I shut off all of the Internet-enabled devices

    • Bohemian says:

      What might help would be to look at an hour by hour log of their usage. That could lend some clues about when it is happening. If it is happening when they are not home or asleep I would guess someone is hacking into their network and downloading things.

  7. Nigerian prince looking for business partner says:

    My gut reaction is that the meter is correct and there’s something else going on…

    1) The network has been compromised
    2) Someone in the household isn’t being truthful about actual usage
    3) Their home computer is hosting file sharing and the user doesn’t realize it
    4) Home computer is infected with a spam (or other data heavy) virus

    • Economists Do It With Models says:

      (OP again)

      To your first point, there are no unauthorized computers on the DHCP clients list, and all of those machines are in fact turned on so that the MAC address cloning would cause a problem.

      To the other points, I put usage meters on all of the computers and the usage is nowhere near what Comcast is reporting.

    • common_sense84 says:

      She said all devices were disconnected and the meter still logged activity. This proves without a doubt that comcast’s meter is broken.

  8. justdragit says:

    Looks like he’s taking good steps to secure him self, however that doesn’t mean there isn’t someone accessing his network without his knowledge.The MAC address filtering wouldn’t stop me(or some other technically savvy person) from getting into his network, and he’d never know it.


  9. KhaiJB says:

    I’d check for spoofing etc, by shutting the router and modem down for a day, then seeing what the usage for that day is. (actually pulling their power connections so there is no doubt they are off)

  10. Southern says:

    Get a router with a built in bandwidth monitor, or get a router (like the one on WOOT today) and install DD-WRT on it (it has a built in bandwidth monitor). DD-WRT will give you a day-by-day breakdown on how much bandwidth you’re using, and you can compare it to Comcast’s usage logs.

    According to several threads I’ve read on the Netflix forums, their movies can consume a LOT of bandwidth – up to 1GB for a regular SD movie, and up to 13GB for an HD movie.. So if you’re streaming from Netflix in HD, that 250GB can disappear pretty quickly.

    • Economists Do It With Models says:

      Thanks! The router info is helpful. And, given that we were trying to be careful, there was no Netflix streaming going on. :)

  11. human_shield says:

    If you read the letter (it’s kinda long) she did shut off her modem, etc and it still showed usage. I think Comcast’s meter is messed up. It’s either not showing usage at the right times or it’s combining usage with other accounts, or both.

    • trentblase says:

      She said she shut off “internet devices,” but it wasn’t entirely clear that she shut off the modem itself. I think she was referring to computers, etc. that connect to the internet, not devices that provide internet services.

      Even so, this could be like AT&T’s delayed data tracking… small transmissions aren’t registered until the end of the day.

  12. SJPadbury says:

    As far as seeing the usage go up even when the machines are offline or nobody is home, is it possible the meter is an update once a day sort of thing?
    At that point, checking to make sure the machines on the network aren’t compromised becomes a little more relevant, as the big spikes of usage might not correlate to when the OP thinks they do, but to the times right before the offline times they’re talking about.
    (Not saying that Comcast hasn’t likely screwed up here, just floating the possibility.)

  13. sufreak says:

    Odds are, she is secure. if she is using MAC address filtering, (which is a joke anyway), and a password, she’s clearly capable of securing her setup.

    I suggest she completely unplug and watch the usage meter go.

    As a person who has gone over the limit at least once, (by a good amount) and makes it a point to go near it every month to get my full value…I suspect their meter is off. Or its not a daily update to the meter, but a couple days behind.

  14. Floppywesl says:

    2 words


    • The hand that feeds, now with more bacon says:

      2 more:


      • Floppywesl says:

        The average person doesnt even know what that is , i have set up 1000000 routers in my sad life on this planet. I hide the SSID , Change to some random name , and enable MAC filtering.No issues in over a decade.Most people i talk to think computers work by magical garden gnomes i doubt one will get struck by Lightning and suddenly become ZeroCool.

        • GuyGuidoEyesSteveDaveâ„¢ says:

          SSID hiding is no security, and actually goes against the 802.11 specs:

          • SanDiegoDude says:

            Not only that, but anybody with a wireless NIC and AiroPeek can gather your SSID and your MAC addresses within seconds, just have to sniff your traffic between your devices and your Wireless Router.

        • wkm001 says:

          I’m sure that works really well right up until someone presses and holds the reset button. How often does that happen?

        • thor79 says:

          Someone wanting to use her wifi for nefarious purposes using that much data would know how to break her security. Chances are she’s just using WEP which is a joke. It’s better than nothing but for an experienced user it might as well be open. My bet is someone is spoofing one of her MAC addresses and breaking the WEP. Then downloading a bunch of torrents. Remember…the usage meter applies to both uploads and downloads…so 241GB in 12 days isn’t that outrageous for someone doing a lot of downloading and seeding.

    • justdragit says:


    • Doc S says:

      Two other words: f-ing useless.

      Jodi needs to:

      1) Configure the wireless side of the router with WPA/WPA2 encryption using a strong pass phrase (upper/lower case w/numerics, 16 or more characters – use Diceware if you want).

      2) Malware scan the computers in the house. Sustained traffic like this sounds like a compromised box somewhere on the network. Some programs, like ElectricSheep screen savers, some of the shadier media programs, etc. actually run a bittorrent process that people are generally unaware of.

      3) Look at the router logs and see what systems the computers on the network have been accessing and on what ports. Ports 6881-6889 would indicate some P2P activity.

      If the logs, the machines, and the network really are clean, then something’s screwy on the Comcast side.

    • katstermonster says:

      Three words: READ THE ARTICLE.

      OP clearly states that she is using MAC filtering.

  15. Extractor says:

    This is just the beginning. Now that comcast is aquiring NBC, there will be a lot more streaming and thus overusage. Dont know why anybody else foresaw that when comcast announced the 250 GB cap.
    Glad I got BrightHouse. (Currently happy)
    If all you comcasters out there were to cut their cable to as basic as possible and eliminate premium channels, you may get their executive’s attention. Until something drastic is done, you will be paying thru the nose or whatever.

  16. ThunderRoad says:

    All these people slamming the OP. Is it entirely possible it’s Comcast that has screwed up? Maybe putting multiple accounts into one meter? Or maybe the meter doesn’t even work?

    It’s comcast, after all. When have they really ever gotten anything right?

    • AnonymousCoward says:

      Possible. Yes. Also possible that the cable modem has been cloned, and there is a problem, but it isn’t coming from Jodi’s house.

  17. cluberti says:

    As someone who’s parents have been hit with this, we replaced the Comcast-provided modem/wireless router with a standard cable modem from Comcast and a new WRT54G running Tomato, and have noticed that the last two months have shown their usage is way down from previous months’ usage. However, Comcast’s meter is still about 24GB higher than what the router’s historical logs show, and Comcast cannot seem to offer any explanations. The parents are just using a desktop attached to the router (wireless radio is off, new cable modem is just a modem and does not have any of the previous modem/router’s wireless options), so one of the following three is happening:

    1. Comcast is fudging the numbers on purpose
    2. Comcast’s network tools really, really, really cannot count bits and bytes properly
    3. Tomato/WRT’s network counter is inaccurate

    Given that #3’s been hashed to death and the source and results have been deemed accurate, that leaves #1 and #2, and one is equally as bad as the other.

  18. SabreDC says:

    “This would be a lot easier if her usage meter didn’t indicate that her household used more bandwidth than should have been technically feasible.”

    It is technically feasible. Maybe it isn’t plausible, but it is certainly feasible. She would have had to been downloading at full speed for 7.5 hours a day. That means that it is feasible. It doesn’t sound like she knowingly did anything here; my guess is with neighbors leeching her service like everyone else pointed out. But, unfortuantely, she is responsible for the integrity of her home network.

    • asten77 says:

      If her comcast is anything like my comcast, I don’t think it’s even feasible. While it’s usually fast, it’s nowhere near the advertised speeds, and it’s not even close to being consistently at any speed, much less the top speed!

    • Krang Krabowski says:

      Yet another reason i hate consumerist headers… such inaccuracies. i want a retraction. i have seen usages as high as 1000gb a month from a fairly standard comcast connection but that guy was torrenting 24/7. my guess is that she has a kid downloading pirated software and prawn… or a very deviant neighbor that has accessed through her “security”.

  19. SanDiegoDude says:

    Just an FYI

    I can use open source tools such as AiroPeek and AirMagnet to gather your MAC addresses from your connected computers, then spoof my MAC to get around your filter. Also, if you have disabled SSID broadcasting, guess what? I can gather that from the same traffic, so you’re not safe there either.

    That’s step 1 to stealing your internet access. If you’re not using any encryption, I’m now using your connection.

    If you’re using WEP, I’ll have your encryption cracked within an hour or so. WPA/WPA2 I can crack within a few hours to a few weeks, depending on your password security. Oh, and for your password, don’t use a single word found in the dictionary, I’ll have that within minutes. Use a combination of Upper Case, Lower Case, numbers and special characters so I at least have to work at cracking your router.

    Honestly, anybody with determination and enough time can crack Wireless. If you want to be truly secure, disable wireless and run cables. With that being said, Most folks don’t have the patience to crack WPA/WPA2 security, so combining WPA/WPA2 security with a STRONG password should be enough to deter your wouldbe bandwidth thieves. MAC filtering, disabling SSID broadcast and WEP though, that’s just begging for somebody to crack and start downloading.

    I work for an Internet and Data Security company FYI.

  20. ktjamm says:

    I’d be more upset at the bandwidth cap then I would be at surpassing it, personally.

  21. Griking says:

    The OP should check her router to see if it has a build in traffic meter. I know that my Netgear WNDR3700 does. With it she can compare how much bandwidth Comcast says she’s using to how much her router says. It also have a nice little “Attached devices” utility where you can see how many devices are currently attached to your router.

  22. H3ion says:

    A question born of ignorance more than anything else. If Jodi has Comcast Internet and cable, is it possible for the television use to be included in the usage amount? I’m not a technician but the cable line is a single line and it would seem feasible for the gross usage to be what Comcast is measuring.

  23. tacitus59 says:

    Where is the usage meter located now? I checked it awhile back but I can’t find it anymore.

    • gnubian says:

      It’s in the “users & settings” section of your account. it can only be seen by the primary login for the account and it has to be deployed in your area.

  24. JoeTheDragon says:

    Comcast may be counting arp traffic that is on the same node. That traffic comes to your modem and is dropped by the modem.

    Are they conting the data that your cable boxes are useing as well?

  25. wkm001 says:

    “This would be a lot easier if her usage meter didn’t indicate that her household used more bandwidth than should have been technically feasible.”

    Actually after reading the article is sounds like it is “technically” possible to transfer that much data. Maybe you should use a different word like realistically.

    Get a router that you can put DD-WRT on and graph your usage. This way you will know when the offense occured.

    Is your router being power cycled on a regular basis? Possibly if the counters are being reset, SNMP byte counters that is. Lets say your counters are at 1000, and the counter goes to 1,000,000 before it rolls back over to 0. The next time Comcast polls your router the counter is at 500 because it was power cycled and you had a minimal amount of traffic. Comcast’s system is going to assume you transferred 999,500 bytes. Which you obviously didn’t.

    If you don’t want to do all of the above, and you rent a modem, have them issue you a different modem. It will have a different MAC address and possibly solve whatever error their system possibly has.

    • wkm001 says:

      Is your router being power cycled on a regular basis?

      I meant to say, “Is your modem being power cycled on a regular basis?” Comcast should be polling your/their modem to get your usage.

  26. Bryan Price says:

    When the meter got turned on for our account, I was (un?)pleasantly surprised to find that the family had managed to use over 250GB in December. I’m aware of how much I download, but what the others in my family do is questionable. My son downloads stuff via uTorrent, my wife is watching all sorts of TV online. We’ve also never gotten a letter warning us that our usage is out of line.

    Had I been the OP, I would have been turning the modem itself off and documenting that, recording what the usage was before, and what it was after being turned on, if it didn’t jive, I’d be going after them with the FTC, FCC, AG, BBB and anything else I can think of.

    I also seriously doubt that somebody cracking their WiFi would be using that much data, since they would necessarily be farther away from the router, and therefore getting reduced throughput.

  27. golddog says:

    Just a minor quibble with the OP…at the end of her letter she calls the excessive use policy an “ethical issue” because she “has no other cable options available” to her. The throttling (or whatever) sucks, but it’s not an ethical issue.

    • golddog says:

      Wait…did I just defend Comcast? I think I just threw up in my mouth a little bit.

      The letter was looong so I missed that Comcast was actually terminating her service when she crossed the limit. I’ll give the OP that terminating, or even throttling the her service, if done by Comcast in error-but-knowingly, would be considered unethical. More than likely though it’s just incompetence or ignorance somewhere.

  28. pot_roast says:

    Yet another reason to be against monthly bandwidth caps.

  29. mikedt says:

    Given all that she’s done so far, I’d say her next step is to turn the router off when she isn’t actually using it (at work and at night) and then track her usage moments before and after the turn on/offs. If the usage is increasing during the off periods then I’d raise a big stink with Comcast.

    She might want to go so far as to turn off wireless for a few days and stick to wired connections. If it really is a freeloader they might move on to greener pastures while she has it turned off. When she flips it back on I’d change everything, ssid, passwords, etc.

  30. Macgyver says:

    If she has any kids, maybe one of them is downloading a lot, and they not telling her.
    Or maybe shes part of a botnet, and all her computers isn’t shut off like she say’s.
    Or else she doesn’t realize how much bandwidth it takes to watch a streaming video.
    Comcast meter is delayed by up to 3 hours, so it can say one thing when she shuts them off, then the next time she checks it, it could say something else.

  31. Hi_Hello says:

    16gb of puppy porn, hahahahahahah awesome letter.

    comcast agrees something is whack.

  32. thor79 says:

    It is completely feasible to generate that much usage…not only can you do that just downloading, but you can generate it even quicker by using torrents. Uploading is counted against the usage meter just as much as downloading…so if someone is doing 1:1 torrent seeding and doing a lot of downloading…then they’ll generate plenty of usage. Instead of 241GB it turns into 120.5GB both ways. Chances are it’s probably closer to like 150GB down 91GB up due to the slower upload speeds.

    Secure your access point next time and you won’t have to worry about people stealing your bandwidth. MAC Address filtering does nothing to stop a determined person from getting on your network. From the level of detail provided it sounds like you’re also using WEP securtiy, which is no security. Hire a local pc tech to properly secure your access point.

  33. gnubian says:

    OP isn’t calculating in 2 additional factors ..
    1- upload potential of the connection
    2 – speedboost which increases the download and upload speeds .. if the activity is sustained, powerboost activates and de-activates repeatedly.

    it’s easy enough to hit 18.6GB in under 30 hours without exceeding the 6mbps limit .. I just finished grabbing a torrent a couple days ago .. 1:1 dl/seed ratio @ completion with dl speeds never passing 2mbps and uploads capped at 1mbps

  34. framitz says:

    It sounds like one or more computers on the OP home network is infected with a bot that is generating the excessive traffic. I would expect most of that traffic to be outbound though.

    Someone using bit torrent?

    I see no mention about checking the computers and other devices that might be attached, that should not be overlooked.

  35. Pax says:

    My first thought is, they have a wireless network, and it isn’t secured.

    That’s also my second, third, and fourth thought.

  36. VeganPixels says:

    If you’re willing to pay cable prices for internet access anyway, why not just sign up for the $60 business class PLAN WITH NO CAP?

    • Economists Do It With Models says:

      (OP here) Comcast won’t give you the business plan once they’ve shut off your residential plan for excessive use. Sadness.

  37. psm321 says:

    Our local LUG mailing list had an example from a technically savvy user who measures his own bandwidth usage at his router, and it was _significantly_ lower than what Comcast said he was using and was contacting him about

  38. Groanan says:

    16gb really is a large amount of puppy porn – at least until the puppy porn industry switches over to HD.

    Earlier this year I went over my Comcast limit in the span of four days, I then tried to switch to AT&T, but they were too incompetent, so I switched to Comcast Business – which has no bandwidth limit (but comes at three-ish times the cost and with a two-year contract.)

  39. evnmorlo says:

    The hilarious part is selling internet that you can only use 12 days for 8 hours a day per month. Powerboost!! Docsis 3.0!! Disconnected…

  40. JonBoy470 says:

    The OP needs to ditch her crappy Comcast-branded cable-modem/wireless router combo and get a standalone router that supports WPA2 encryption. WEP is crackable in minutes, and MAC addresses are easily spoofed. Also she needs to audit her attached PC’s for BitTorrent clients and malware.

  41. common_sense84 says:

    File your complaints now. Do not wait.

    Also their policy is not reasonable 250gb is tiny. Their rates are higher than ever and the cost per GB is the cheapest it has ever been. Restricting your use is not reasonable in any way.

  42. yurei avalon says:

    Also, on some routers there is an option to limit the amount of actual devices on the network at any given time. I know mine is capable of this, and considering I only have 1 device at home ever on the network, I set it to 1 as another option to keep people out. I have also wanted to do this at my bf’s house to keep all his cousins hanging out there all day off of the network and thus not slowing it down with downloads.. Not my call to make though, sadly.

    If that ends up being her problem, maybe it’s worth a try. I also name my computers in such a way they can be recognized on a network so I know what is legit in the connected list in case of unwanted users when I am viewing the log.

  43. draxen says:

    I have the same problem with Comcast. Everyone in my family has a pc and everyone is using the web extensively. I cannot believe that 250GB could be considered excessive. But even if, I’m watching my usage and in less than a week it jumped 25GB. That’s really hard to believe, since I’m only getting around 3mbps. I wish there was some competition. I think I’ll just order DSL.